No products in the Quote.
Effective Date: April 21, 2025
Last Updated: April 21, 2025
At Synthetik, the security of our clients’ data and digital assets is a top priority. We take a proactive, layered approach to safeguarding the confidentiality, integrity, and availability of the systems and information entrusted to us.
Synthetik follows a “security by design” and “privacy by design” philosophy, embedding security practices throughout the lifecycle of every project we deliver. We build secure systems from the ground up and continuously evaluate our infrastructure to mitigate emerging threats.
We implement a comprehensive set of technical controls to protect client data:
- Encrypted Communications: All data is encrypted both in transit and at rest using modern encryption protocols.
- Secure Protocols: Our websites and client portals are served exclusively over HTTPS/SSL.
- Firewall & DDoS Protection: We leverage Cloudflare’s Web Application Firewall (WAF) and DDoS mitigation to guard against malicious traffic.
- Server Hardening & Monitoring: Tools like Fail2Ban and server-level configuration limit unauthorized access attempts and help detect anomalies.
- Intrusion Detection & Prevention: Active monitoring is in place to detect and respond to suspicious behavior in real time.
- Least Privilege Principle: Access to sensitive systems and data is restricted solely to the administrator.
- Multi-Factor Authentication (MFA): Internal accounts are protected with MFA to prevent unauthorized access.
- While we currently do not enforce endpoint device policies, we maintain a secure internal environment with minimal access vectors.
- Retention Policy: We store client data for 90 days, or longer if the individual or business is an active client.
- Secure Storage: All data is stored on a secure server environment with restricted access.
- Ongoing Reviews: We regularly audit and assess our data storage and access procedures to ensure continued compliance and security.
We maintain an internal incident response plan to quickly contain and address potential data breaches or threats. In the event of a confirmed security incident that impacts client data, affected parties will be notified promptly with details of the incident and any necessary steps taken to remediate it.
- Staff Training: All employees are trained in modern security practices, including data protection, phishing awareness, and secure communication.
- Trusted Partners: We only work with vetted third-party services that meet our security and privacy standards.
Synthetik aligns with the principles of PIPEDA, GDPR, and other applicable data protection regulations. While we do not currently hold formal certifications, our security protocols are designed to reflect industry best practices and regulatory expectations.
For any questions or concerns about our security practices, please reach out to:
Email: [email protected]
Website: https://synthetik.ca